Having trouble formatting my code to execute without error using sprintf() When I run the code I get this error: Parse error: syntax error, unexpected T_VARIABLE in /location on line 16
$query = sprintf('UPDATE `%s` SET `stock` = :amount WHERE `itemname` = '$q'', $tablename);
Above is line 16 in my code. I'm assuming it is syntax related.
I am now receiving the following error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1065 Query was empty' in /home/content/63/6563663/html/inventory/pg.php:19 Stack trace: #0 /home/content/63/6563663/html/inventory/pg.php(19): PDOStatement->execute() #1 {main} thrown in /home/content/63/6563663/html/inventory/pg.php on line 19
This is my entire code block:
<?php
$u=$_GET["u"];
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form2")) {
$amount = isset($_POST['amount']) ? $_POST['amount'] : null;
if (null != $amount) {
$user = 'username';
$pass = 'password';
$pdo = new PDO('mysql:localhost', $user, $pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
session_start();
$tablename = $_SESSION['MM_Username'];
$query = sprintf('UPDATE %s SET stock= :amount WHERE itemname= '.$u, $tablename);
$stmt = $pdo->prepare($UpdateQuery);
$stmt->bindParam('amount', $amount);
$stmt->execute();
}
}
?>
Thank you, seems my error is dealing with the PDO execution, not the query itself. If anyone has any ideas on that it would be great. Alan, I used your method for the quotes and also am running the query through mysql_real_escape_string().
